CN112929173A - A digital certificate authentication method based on handwritten signature recognition - Google Patents
- Publication number
- CN112929173A
- Authority
- CN
- China
- Prior art keywords
- matrix
- encryption
- signature
- authentication method
- method based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/30—Writer recognition; Reading and verifying signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
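The invention provides a digital signature authentication method based on handwritten signature recognition. Feature points that occur frequently during the signing process are collected, and their corresponding feature values are obtained through matrix operations. The feature-value matrix extracted from the image is encrypted with a specific CA private-key algorithm to form a specific encrypted matrix. The hashcode of the user information and the hashcode of the encrypted matrix are then concatenated into a new string, which is Base64-encoded to generate a specific fingerprint that is stored in the certificate. The database also stores this fingerprint together with the specified user name information, for comparison during identity authentication.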
Description
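Technical Field
The invention relates to the fields of information security and network security, and in particular to a digital certificate authentication method based on handwritten signature recognition.
Background
Signature recognition is an image-processing-based form of identity recognition. Matrix information of the image is collected during signing and then compared for similarity against the signature information on the digital certificate. Using a strategy similar to dual signatures, this further prevents a user's identity from being impersonated on the network and, to a certain extent, ensures the integrity and security of information and data.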
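Summary of the Invention
In view of the deficiencies of the prior art, the object of the invention is to provide a method based on handwritten signature recognition that solves the problem of identity impersonation in traditional online transactions. Unlike a traditional digital certificate, the fingerprint of this certificate additionally incorporates the similarity matrix of the user's handwritten signature. The user passes identity authentication only if the personal information is correct and the handwritten content is similar, which achieves strong identity authentication. The following operations are performed:
1. Extract the similar points of the signature and obtain its similarity matrix, which is obtained by the following method,
By iterating (1) repeatedly, the following formula is obtained:
2. Obtain the specified hash value. A hash function has the following main properties: input sensitivity, irreversibility, and collision avoidance. Hash addressing can easily lead to excessive time complexity, so a suitable hash algorithm must be chosen. To reduce time consumption, a SHA-type hash algorithm is selected, which to a certain extent solves the problem of excessive time overhead;
3. Perform asymmetric encryption using the ECC encryption algorithm, a public-key algorithm designed on the basis of elliptic curves. Compared with traditional RSA encryption, the security of this algorithm is particularly high: for the same number of encryption bits, the security of ECC is more than 10 times that of RSA. ECC also, to a certain extent, solves a series of problems in traditional asymmetric encryption such as slow decoding speed and high bandwidth usage;
Performing the integral operation on the ellipse yields
The expression of the ellipse formula is:
The discriminant of E is:
The problem of drawing a line through two points on the curve and finding its third point of intersection with the curve is easily described algebraically, namely solving:
Simplifying the expression gives the following values
So the elliptic curve has the following form
Similarly, we obtain
The above is the basic principle of the elliptic curve authentication method
4. Perform certificate revocation checking against the CRL. The CRL is a record periodically issued by the trusted CA. When the user accesses the specified server, the server first checks whether the certificate has expired and then checks the CRL periodically issued by that CA. If the certificate is recorded in the CRL, the certificate has been revoked;
5. The user then writes the specified information by hand. The similarity matrix is obtained by the above method and is hash-encoded together with the personal information on the certificate other than the fingerprint. The fingerprint is then verified with the CA public key of the client certificate; if the two hash values match, the second authentication succeeds.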
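Brief Description of the Drawings
Fig. 1 shows a flowchart of a digital certificate authentication method based on handwritten signature recognition according to an example embodiment of the invention.
Detailed Description
Fig. 1 shows a flowchart of a digital certificate authentication method based on handwritten signature recognition according to an example embodiment of the invention.
First, in S101, the feature matrix of the user's specified signature information is collected according to the above method.
In S102, the user logs in to the specified server address.
In S102, the server downloads the specified CRL file from the specified publishing website.
In S103, the server accesses the CRL file to check whether the certificate is usable.
In S104, if the certificate's information is recorded in the specified CRL, the certificate is invalid and the process ends.
In S105, after verification succeeds, the first verification is successful.
In S106, the user writes the specified information by hand, and the matrix similarity is computed by the above algorithm,
after multiple iterations, we obtain,
In S106, the user information and its feature matrix are hashed with SHA to produce a hashcode.
In S107, the certificate signed with the CA private key is verified with the public key using the elliptic curve algorithm
In S108, the user information and its feature matrix are hashed with SHA to produce a hashcode.
In S109, the certificate signed with the CA private key is verified with the public key using the elliptic curve algorithm,
if the comparison fails, jump to S110: the second verification fails.
In S111, the two hashes are compared; if the comparison succeeds, the second verification is successful.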
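The two-stage check of S103 to S111, sketched as an added example that is not part of the patent text: expiry and CRL lookup first, then recomputation of the certificate fingerprint described in the abstract. Assumptions: SHA-256 as the SHA variant, an HMAC under a demo key standing in for the CA private-key ECC operation (so the block runs on the standard library alone), a hypothetical `quantize` grid standing in for the normalization step, and constructed sample data.

```python
import base64
import hashlib
import hmac
from datetime import date

CA_KEY = b"constructed-demo-ca-key"  # assumption: stand-in for the CA private key


def quantize(matrix, step=0.25):
    """Assumption: snap features to a grid so small pen jitter yields the same cells."""
    return [[round(v / step) for v in row] for row in matrix]


def fingerprint(user_info, matrix):
    """Base64( SHA-256(user info) || SHA-256(CA-protected matrix) ), as in the abstract."""
    raw = repr(quantize(matrix)).encode()
    protected = hmac.new(CA_KEY, raw, hashlib.sha256).digest()  # stand-in for the ECC step
    joined = (hashlib.sha256(user_info.encode()).hexdigest()
              + hashlib.sha256(protected).hexdigest())
    return base64.b64encode(joined.encode()).decode()


def authenticate(cert, crl_serials, today, user_info, live_matrix):
    """Return (ok, reason): first verification = expiry + CRL, second = fingerprint."""
    if today > cert["not_after"]:
        return False, "expired"
    if cert["serial"] in crl_serials:
        return False, "revoked"
    candidate = fingerprint(user_info, live_matrix)
    # Constant-time comparison of the recomputed and stored fingerprints.
    if not hmac.compare_digest(candidate, cert["fingerprint"]):
        return False, "fingerprint mismatch"
    return True, "ok"


# Constructed sample data: an enrolled feature matrix, its certificate, and a CRL.
ENROLLED = [[0.10, 0.52], [0.77, 0.26]]
CERT = {"serial": "1001", "not_after": date(2030, 1, 1),
        "fingerprint": fingerprint("alice", ENROLLED)}
CRL = {"2002"}
```

Because the hash is input-sensitive, a live sample whose feature lands on the other side of a grid boundary changes one cell and fails the exact comparison, so the normalization step decides how much handwriting variation the fingerprint tolerates.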
Claims (2)
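1. A digital signature authentication method based on handwritten signature recognition, in which the matrix of the image captured after signing is collected and normalized to form a specific matrix, which is then concatenated with the user name information into a new string, which is then encrypted with a specific encryption algorithm to form an encrypted matrix, and finally stored in Base64 form.
2. A method based on handwritten signature recognition that combines image processing with identity authentication on the network and can prevent network user identities from being impersonated: the user must use the specified certificate and, when logging in to the specified website, write random information by hand; whether the identity has been impersonated is further determined by comparing the similarity of the matrices.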
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110283430.9A CN112929173A (zh) | 2021-03-17 | 2021-03-17 | A digital certificate authentication method based on handwritten signature recognition |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110283430.9A CN112929173A (zh) | 2021-03-17 | 2021-03-17 | A digital certificate authentication method based on handwritten signature recognition |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112929173A (zh) | 2021-06-08 |
Family
ID=76175617
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110283430.9A Pending CN112929173A (zh) | A digital certificate authentication method based on handwritten signature recognition | 2021-03-17 | 2021-03-17 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112929173A (zh) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998048539A1 (en) * | 1997-04-24 | 1998-10-29 | State Of Israel, Atomic Energy Commission, Nuclear Research Center - Negev | Apparatus and method for signing and authenticating digital signatures |
US6745327B1 (en) * | 1998-05-20 | 2004-06-01 | John H. Messing | Electronic certificate signature program |
EP2615572A1 (en) * | 2012-01-16 | 2013-07-17 | Xerox Corporation | Image segmentation based on approximation of segmentation similarity |
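CN105530258A (zh) * | 2015-12-18 | 2016-04-27 | 努比亚技术有限公司 | Electronic signature device and method |
CN107657241A (zh) * | 2017-10-09 | 2018-02-02 | 河海大学常州校区 | Signature authenticity verification system for signing pens |
CN108737376A (zh) * | 2018-04-16 | 2018-11-02 | 北京明朝万达科技股份有限公司 | Two-factor authentication method and system based on fingerprint and digital certificate |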
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10396985B1 (en) | Federated identity management based on biometric data | |
US10880080B1 (en) | Cryptographic key generation from biometric data | |
US10521616B2 (en) | Remote re-enrollment of physical unclonable functions | |
US10541818B2 (en) | Decentralized biometric signing of digital contracts | |
CN110674523B | | Method for confirming the signer of an electronic contract by combining a digital signature with a handwritten signature |
Li et al. | An effective biometric cryptosystem combining fingerprints with error correction codes | |
CN108696358B | | Digital certificate management method and apparatus, readable storage medium, and service terminal |
US20160269178A1 (en) | Privacy-Enhanced Biometrics-Secret Binding Scheme | |
US20060239511A1 (en) | System and method for protecting the privacy and security of stored biometric data | |
KR20020047131A | | Data protection method |
US20080313726A1 (en) | Integrated systems for simultaneous mutual authentication of database and user | |
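CN108009445B | | Semi-centralized trusted data management system |
JP5676592B2 | | Robust biometric feature extraction with and without reference points |
KR102360386B1 | | System, method and server computer system for transforming an original entity into a verifiable and authenticable entity in a heterogeneous communication network environment |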
Liu et al. | Encrypted domain matching of fingerprint minutia cylinder-code (MCC) with l1 minimization | |
US11722306B2 (en) | Method for strong authentication of an individual | |
Delgado-Mohatar et al. | Blockchain meets biometrics: Concepts, application to template protection, and trends | |
Martínez et al. | Secure crypto-biometric system for cloud computing | |
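CN113343313A | | Method for verifying the validity of a verification report, legal service system, and readable storage medium |
CN116010917A | | Privacy-preserving image processing method, identity registration method, and identity authentication method |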
US11070378B1 (en) | Signcrypted biometric electronic signature tokens | |
Yang et al. | A Delaunay triangle group based fuzzy vault with cancellability | |
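CN106709716A | | Method, apparatus and system for conducting PBOC transactions based on biometric encryption |
CN112929173A | | A digital certificate authentication method based on handwritten signature recognition |
JP2008542898A | | Forming classification boundaries in template protection systems |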
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210608 |